For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

Security investments remain a tough sell

IT staff struggle to make the case for return on investment

Corporate IT security staff continue to struggle with balancing security
investments and business priorities.

Funds spent on security cannot be measured as a return on investment because
they may or may not prevent a disaster.

In regulated businesses such as banking, insurance and medicine, security is
mandated by regulations, but this does not completely alleviate the problem.

"Companies further along the security curve are saying: 'I spend lots of
money on security. All I can tell my chief financial officer is that he can
sleep well at night because I'm spending all this money,'" Arshad Matin, vice
president for compliance and risk management at
Symantec,
said at a company event during the
RSA
Conference in San Francisco.

"They are looking for ways to quantify the benefits in a way that business
leaders understand."

Christopher Leach, chief risk officer at
First
Horizon, recommended that companies treat security risks as a potential
system outage to estimate the potential risk and justify investment.

"As soon as you put it back into business terms, [senior management]
understands it and you're done," he said.

Return on investment is difficult to measure. If a security breach brings
down a transactional system, the damage can be quantified fairly easily.

But in the rare case that an incident becomes public, a firm's reputation and
stock price are also likely to suffer.

This requires enterprises to shift security policies from a reactive mode in
which they respond to incidents, to a proactive mode in which they actively try
to prevent incidents.

This in turn changes the jobs of a firm's security staff from plugging holes
to educating business lines about the costs in case of an incident and building
a consensus about the best solution.

"But the challenge to that approach is that the chief security officer is
held accountable," warned Leach.